| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side "secret" URL without determining the original password, but this possibility was not discussed by the original researcher. |
| BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. |
| Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. |
| Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges. |
| hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service. |
| Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. |
| Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. |
| ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords. |
| Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database. |
| Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges. |
| Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta. |
| Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction from a person other than the attacker., In the case of the Web player (Business Author): Successful execution of this vulnerability via the Web Player, will result in the attacker being able to run arbitrary code as the account running the Web player process, In the case of Automation Services: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code via Automation Services..This issue affects Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0 through 14.0.2; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0 through 14.0.3, from 14.2.0 through 14.3.0; Spotfire for AWS Marketplace: from 14.0 before 14.3.0. |
| CWE-250: Execution with Unnecessary Privileges |
| A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. |
| An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. |
| A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information. |
| Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password. |
| Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customized with spec.template and spec.template.container (with type k8s.io/api/core/v1.Container), thus, any specification under container such as command, args, securityContext , volumeMount can be specified, and applied to the EventSource or Sensor pod. With these, a user would be able to gain privileged access to the cluster host, if he/she specified the EventSource/Sensor CR with some particular properties under template. This vulnerability is fixed in v1.9.6. |
| Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.
This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. |
| A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |